Windows-Android_SSH_Remote_Control

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only guide for setting up Windows remote access from Android, with no hidden automation, but users should understand the security risks of enabling remote access and entering Windows credentials on a phone.

Install only if you intend to configure remote access to your own Windows PC. Prefer Tailscale or ZeroTier over public port forwarding, use SSH keys instead of passwords where possible, avoid saving Windows credentials on shared or untrusted Android devices, and review the Windows firewall/router changes before applying them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Tp4

High
Category: MCP Tool Poisoning
Confidence: 98%
Finding:
This is a mismatch because the declared purpose describes a substantive remote-control and SSH/RDP setup capability, but the actual code does not implement any of that functionality. Instead, it merely prints a placeholder message and includes comments indicating that real logic has not been added yet. There are no hidden extra capabilities, but the primary purpose of the code materially differs from the description because the described behavior is absent.

Missing User Warnings

Medium
Confidence: 89%
Finding:
This is a markdown file, so SQP-2 applies to missing warnings in the skill description. The guide tells the user to enter Windows credentials into a remote desktop app, but it does not include any warning about handling sensitive credentials, device trust, or the security implications of storing them on the Android device.

VirusTotal

53/53 vendors flagged this skill as clean.
